lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190614161148.vti6mhvnxfwweznc@gondor.apana.org.au>
Date:   Sat, 15 Jun 2019 00:11:48 +0800
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     Nicolas Dichtel <nicolas.dichtel@...nd.com>
Cc:     steffen.klassert@...unet.com, davem@...emloft.net,
        netdev@...r.kernel.org, Anirudh Gupta <anirudh.gupta@...hos.com>
Subject: Re: [PATCH ipsec] xfrm: fix sa selector validation

On Fri, Jun 14, 2019 at 11:13:55AM +0200, Nicolas Dichtel wrote:
> After commit b38ff4075a80, the following command does not work anymore:
> $ ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 34 reqid 1 \
>   mode tunnel enc 'cbc(aes)' 0xb0abdba8b782ad9d364ec81e3a7d82a1 auth-trunc \
>   'hmac(sha1)' 0xe26609ebd00acb6a4d51fca13e49ea78a72c73e6 96 flag align4
> 
> In fact, the selector is not mandatory, allow the user to provide an empty
> selector.
> 
> Fixes: b38ff4075a80 ("xfrm: Fix xfrm sel prefix length validation")
> CC: Anirudh Gupta <anirudh.gupta@...hos.com>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>

Acked-by: Herbert Xu <herbert@...dor.apana.org.au>

Sorry for not catching this!

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ